TruWalletM: Secure web authentication on mobile platforms

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

Volumn 6802 LNCS, Issue , 2011, Pages 219-236

  Bugiel, Sven ^a   Dmitrienko, Alexandra ^b   Kostiainen, Kari ^c   Sadeghi, Ahmad Reza ^a   Winandy, Marcel ^b  

^a DARMSTADT UNIVERSITY OF TECHNOLOGY   (Germany)

^b RUHR UNIVERSITY BOCHUM   (Germany)

^c NOKIA RESEARCH CENTER   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

EXECUTION ENVIRONMENTS; GENERAL-PURPOSE COMPUTING; INTERNET CONNECTION; MALWARE ATTACKS; MOBILE PLATFORM; PHISHING; SECURITY MECHANISM; WEB AUTHENTICATION;

AUTHENTICATION; COMPUTER CRIME; INTERNET; MOBILE DEVICES; MOBILE PHONES; NETWORK SECURITY; SOFTWARE AGENTS; TELEPHONE SETS; WEB SERVICES;

CELLULAR TELEPHONE SYSTEMS;

EID: 82055183861     PISSN: 03029743     EISSN: 16113349     Source Type: Book Series    
DOI: 10.1007/978-3-642-25283-9_15     Document Type: Conference Paper

References (28)

1. Gajek, S., Löhr, H., Sadeghi, A.R., Winandy, M.: TruWallet: trustworthy and migratable wallet-based web authentication. In: STC 2009: Proceedings of the 2009 ACM Workshop on Scalable Trusted Computing, pp. 19-28. ACM, New York (2009)
2. Gajek, S., Sadeghi, A.R., Stüble, C., Winandy, M.: Compartmented security for browsers - or how to thwart a phisher with trusted computing. In: 2nd International Conference on Availability, Reliability and Security (ARES 2007), pp. 120-127. IEEE Computer Society, Los Alamitos (2007)
3. Jackson, C., Boneh, D., Mitchell, J.: Spyware resistant web authentication using virtual machines (2006), http://www.crypto.stanford.edu/ spyblock/
4. Jammalamadaka, R.C., van der Horst, T.W., Mehrotra, S., Seamons, K.E., Venkasubramanian, N.: Delegate: A proxy based architecture for secure website access from an untrusted machine. In: 22nd Annual Computer Security Applications Conference (ACSAC 2006), pp. 57-66. IEEE Computer Society, Los Alamitos (2006)
5. Kwan, P.C.S., Durfee, G.: Practical uses of virtual machines for protection of sensitive user data. In: Dawson, E., Wong, D.S. (eds.) ISPEC 2007. LNCS, vol. 4464, pp. 145-161. Springer, Heidelberg (2007) (Pubitemid 350259423)
6. Selhorst, M., Stüble, C., Feldmann, F., Gnaida, U.: Towards a trusted mobile desktop. In: Acquisti, A., Smith, S.W., Sadeghi, A.-R. (eds.) TRUST 2010. LNCS, vol. 6101, pp. 78-94. Springer, Heidelberg (2010)
7. Kostiainen, K., Ekberg, J.E., Asokan, N., Rantala, A.: On-board credentials with open provisioning. In: Proc. of the 4th ACM Symposium on Information, Computer, and Communications Security (ASIACCS 2009). ACM, New York (2009)
8. Azema, J., Fayad, G.: M-Shield mobile security technology: making wireless secure. Texas Instruments White Paper (2008), http://focus.ti.com/pdfs/ wtbu/ti-mshield-whitepaper.pdf
9. Alves, T., Felton, D.: TrustZone: Integrated hardware and software security. Information Quaterly 3 (2004)
10. Heise Security: Hacker extracts crypto key from TPM chip (2010), http://www.h-online.com/security/news/item/ Hacker-extracts-crypto-key-from-TPM- chip-927077.html
11. Jackson, C., Boneh, D., Mitchell, J.: Transaction generators: Root kits for web. In: 2nd USENIX Workshop on Hot Topics in Security (HotSec 2007), pp. 1-4. USENIX Association (2007)
12. Ristic, I.: Internet SSL server survey. In: BlackHat, USA (2010)
13. Dhamija, R., Tygar, J.D.: The battle against phishing: Dynamic security skins. In: SOUPS 2005: Proceedings of the 2005 Symposium on Usable Privacy and Security, pp. 77-88. ACM, New York (2005)
14. Bank of America: Identity Theft Fraud Protection from Bank of America (2010), http://www.bankofamerica.com/privacy/sitekey
15. Itoi, N., Arbaugh, W.A., Pollack, S.J., Reeves, D.M.: Personal secure booting. In: Varadharajan, V., Mu, Y. (eds.) ACISP 2001. LNCS, vol. 2119, pp. 130-144. Springer, Heidelberg (2001)
16. Network Working Group: The transport layer security (TLS) protocol. version 1.2. Standards track (2008), http://tools.ietf.org/html/rfc5246
17. Wu, M., Miller, R.C., Little, G.: Web Wallet: Preventing Phishing Attacks by Revealing User Intentions. In: 2nd Symposium on Usable Privacy and Security (SOUPS 2006), pp. 102-113. ACM, New York (2006)
18. Maemo: Project website (2010), http://maemo.org
19. Paros: Project website (2010), http://www.parosproxy.org
20. Gajek, S., Sadeghi, A.R., Stuble, C., Winandy, M.: Compartmented security for browsers - or how to thwart a phisher with trusted computing. In: ARES 2007: Proceedings of the The Second International Conference on Availability, Reliability and Security, pp. 120-127. IEEE Computer Society, Washington, DC, USA (2007)
21. Schechter, S.E., Dhamija, R., Ozment, A., Fischer, I.: The emperor's new security indicators. In: SP 2007: Proceedings of the 2007 IEEE Symposium on Security and Privacy, pp. 51-65. IEEE Computer Society, Washington, DC, USA (2007)
22. Petroni Jr., N.L., Fraser, T., Molina, J., Arbaugh, W.A.: Copilot - a coprocessor-based kernel runtime integrity monitor. In: Proceedings of the 13th USENIX Security Symposium, USENIX, pp. 179-194 (2004)
23. Baiardi, F., Cilea, D., Sgandurra, D., Ceccarelli, F.: Measuring semantic integrity for remote attestation. In: Chen, L., Mitchell, C.J., Martin, A. (eds.) Trust 2009. LNCS, vol. 5471, pp. 81-100. Springer, Heidelberg (2009)
24. Trusted Computing Group: TPM Main Specification, Version 1.2 rev. 103 (2007)
25. Bellovin, S.M., Merritt, M.: Encrypted key exchange: Password-based protocols secure against dictionary attacks. In: IEEE Symposium on Security and Privacy (S&P 1992), pp. 72-84 (1992)
26. Jablon, D.P.: Strong password-only authenticated key exchange. Computer Communication Review 26, 5-26 (1996)
27. Wu, T.: The secure remote password protocol. In: Network and Distributed System Security Symposium (NDSS 1998), pp. 97-111. The Internet Society, San Diego (1998)
28. Taylor, D., Wu, T., Mavrogiannopoulos, N., Perrin, T.: RFC5054: Using the secure remote password (SRP) protocol for TLS authentication (2007), http://www.ietf.org/rfc/rfc5054